The rapid adoption of AI coding assistants has turned engineering teams into their own software developers, spinning up agents that act on their behalf and granting those agents the same access privileges their human creators hold. This shift has fundamentally changed the role of the chief information security officer, pulling it into territory that did not exist two years ago. Speaking at a cybersecurity conference, Hrvoje Englman, CISO at Span, a provider of IT services to enterprise clients, described how this new reality is reshaping what defenders worry about most.
Span's workforce includes a sizable population of developers alongside a larger group of engineers. The engineers are the new variable. With AI-assisted coding, they are building applications and personal agents to automate parts of their own jobs. Each new agent inherits the identity of its creator, and those identities are typically over-provisioned. Least privilege remains an aspiration that is hard to enforce in production environments. "I cannot be the blocker," Englman said. "You cannot block progress. People will find ways around it." His priority is enabling secure use of AI inside the company rather than prohibiting it.
The bus-factor problem multiplies
The risk extends beyond access control. When a single engineer automates a business process using five interacting agents and then leaves for another job, the organization inherits an undocumented system that nobody understands. Englman called this an inversion of the traditional bus-factor problem. Previously, a key person leaving created a knowledge gap. Now the agents they built keep running, and the company has no record of what they do or why. This undocumented automation can continue operating indefinitely, making changes to data, triggering workflows, and communicating with other systems without any oversight. The complexity multiplies when multiple engineers create overlapping agents, each with its own set of permissions and behaviors. Tracing the lineage of a particular action becomes nearly impossible without a comprehensive inventory and dependency map—something most organizations lack.
To mitigate this risk, Englman recommends treating AI-generated code and agents with the same rigor as any other software artifact. This means enforcing version control, requiring documentation, and implementing automated scanning for sensitive operations. However, he acknowledged that the pace of development often outstrips the security team's ability to review every change. The solution, he suggests, is to embed security checks directly into the developer workflow, using AI-powered tools to flag risky patterns before they are deployed.
Defender's leverage is real, with limits
AI has produced concrete gains in defensive work. Englman pointed to log analysis as one area where the value is immediate. Feeding hundreds of megabytes of log files into an AI tool and asking it to surface anomalies or pivot on an IP address compresses work that previously took analysts hours. Policy drafting is another use case. Generating a first draft from internal context can cut a three-day task to a single day, and the time savings compound across a workforce. These efficiencies free up senior analysts to focus on more complex investigations and strategic improvements.
He drew a sharper line on the vendor pitch for autonomous AI-driven security operations centers. The idea of defensive AI battling offensive AI in real-time, with no humans in the loop, does not match what is achievable now. Log ingestion remains the hardest part of running a SOC, and detection engineering still depends on people who can explain why an alert fired. "You get an alert, but your analyst doesn't understand the alert," Englman said, describing the failure mode he sees in teams that lean too heavily on automated tooling. "And you have two million alerts, and then what?" Autonomous isolation of systems remains out of reach because the AI does not understand the business process. Decisions about when to shut down a critical service get escalated to senior leadership during real incidents, and that judgment stays with humans.
He also pushed back on the industry framing of breaches. Most of the largest incidents trace back to phishing and credential theft. Vendors selling AI-powered SOCs as a defense against nation-state actors are addressing a smaller part of the problem than their marketing suggests. The majority of breaches involve simple techniques that are difficult to eliminate entirely. Instead of chasing exotic threats, Englman argues that organizations should focus on hardening the basics: multi-factor authentication, conditional access policies, and user education that goes beyond generic awareness training. He advocates for simulated phishing campaigns that test not just whether users click, but whether they report the suspicious email—a key indicator of a security-aware culture.
The threat model for a services provider
Span sells IT services to enterprise clients, which doubles its exposure. The company is a target in its own right and a target for attackers seeking access to its customers. A typical end-user organization can absorb a breach and recover. For Span, the response itself becomes the product on display. Englman said the company has to be able to demonstrate that controls were in place, that the failure was contained, and that the incident was handled with the same discipline it offers customers. Reputation is what gets sold, and negligence would end the business.
This dual responsibility influences every security decision at Span. When evaluating new tools or processes, the team asks not only whether it improves their own security posture, but also whether it strengthens the trust customers place in them. Incident response plans are rehearsed regularly, with simulated attacks that test communication chains both internal and external. Englman emphasized that transparency with customers is critical: if a breach does occur, the ability to provide a clear, factual account of what happened and what was done to contain it can turn a potential disaster into a testament to the company's competence.
Skills shortage, restated
The widely discussed cybersecurity talent gap, in Englman's view, is misframed. Entry-level applicants are abundant. Senior practitioners with five or more years of operational depth are scarce, and that gap cannot be closed quickly through training programs. The Span Cyber Security Center has trained more than 3,000 people, and Englman said the pipeline matters precisely because the industry's push toward automated tooling threatens to eliminate the junior roles where future experts get built. His measure for a SOC analyst centers on whether they can explain what the alert means and how the conditions that triggered it came about. Without that understanding, an analyst rolling a fifty-fifty guess on relevance is no better than a model doing the same.
To address this, Englman advocates for apprenticeship-style programs that pair junior analysts with senior mentors. Automation should be used to reduce repetitive tasks, not to replace the critical thinking that comes from hands-on experience. He also believes that the industry needs to broaden its hiring pool, looking beyond traditional cybersecurity certifications to include candidates from fields like data science, humanities, and even journalism—those with strong analytical and communication skills who can be trained on the technical aspects.
The wisdom he has discarded
Asked which piece of conventional security wisdom he has stopped believing, Englman named the framing of humans as the weakest link in the chain. He called it lazy and a form of blame culture. The responsibility, he said, sits with the CISO to build systems where a user clicking a malicious link does not bring the environment down. Brittle defenses that depend on perfect human behavior are a design failure. This philosophy has guided his approach to identity security: instead of expecting employees to never make mistakes, he designs authentication and authorization systems that limit the blast radius of any single error. Phishing-resistant multi-factor authentication, just-in-time privileged access, and continuous session monitoring are all examples of what he calls "defense in depth applied to human fallibility."
Englman also dismissed the notion that security should always win the battle for budget. In his view, the most effective CISOs are those who understand the business and can articulate security investments in terms of enabling revenue, not just preventing loss. By framing security as a business enabler, he has been able to secure funding for projects that might otherwise seem like sunk costs—such as building a custom identity governance platform for AI agents. The key is to show that security investments reduce friction for developers and engineers, allowing them to innovate faster without worrying about accidental exposure.
Looking ahead, Englman sees the next frontier as identity security for the agentic AI era. As agents become more autonomous and interconnected, the concept of identity will need to expand from human users to non-human entities. This means creating lifecycle management for agent identities, including provision, monitoring, and decommissioning. The CISO who masters this challenge will be the one who can sell confidence in a market full of breach headlines—not by promising perfection, but by demonstrating a realistic, layered approach that adapts to the speed of innovation.
Source: Help Net Security News